In Outlook server doesn't support the encryption method specified error

IRZQ88 · Jul 3, 2018

Yesterday when i setup a new VPS server, after migrating and changing nameserver, my client cannot send nor receive emails from my VPS server through Outlook. Doesn't matter which Outlook version, but if it using Windows 7 OS PC, i'll get an error 0x800CCC1A that saying my server doesn't support the encryption method specified. But if it using Windows 10, it can receive and sent emails normally.

I even had copy my Exim configuration from the old VPS using transfer tools, but the result is the same. Then i'm trying to update the "SSL/TLS Cipher Suite List" and "Options for OpenSSL" as this posting mentioned, but the result still the same, nothing change, my clients with Windows 7 OS still couldn't send nor receive email with the same errors.

FYI, I've attached my settings screenshot below and I'm using cPanel version 72.0.7.

So finally I've decided to change my nameserver to my old VPS, and it works normally for Windows 7 or Windows 10. This is very weird!

Anybody could help please? Thank you.

mtindor · Jul 3, 2018

Just to get you going -- I would expect you to make a determination whether or not to use these settings long term.

Dovecot:
Code:
SSL Cipher List:  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSL Protocols:  !SSLv2 !SSLv3
Exim [Home --> Service Configuration --> Exim Configuration Manager --> Security]
Code:
Options for OpenSSL:

+no_sslv2 +no_sslv3

SSL/TLS Cipher Suite List:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
/scripts/restartsrv_dovecot
/scripts/restartsrv_exim

NOTE: Make sure you make note of your current configuration. If the above info doesn't work for you, revert back. If you use this information and then suddenly something doesn't start back up, I can't help you. It's easy to revert back if you have kept a record of the previous settings.

Mike

IRZQ88 · Jul 3, 2018

mtindor said: ↑
Just to get you going -- I would expect you to make a determination whether or not to use these settings long term.

Dovecot:
Code:
SSL Cipher List:  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSL Protocols:  !SSLv2 !SSLv3
Exim [Home --> Service Configuration --> Exim Configuration Manager --> Security]
Code:
Options for OpenSSL:

+no_sslv2 +no_sslv3

SSL/TLS Cipher Suite List:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
/scripts/restartsrv_dovecot
/scripts/restartsrv_exim

NOTE: Make sure you make note of your current configuration. If the above info doesn't work for you, revert back. If you use this information and then suddenly something doesn't start back up, I can't help you. It's easy to revert back if you have kept a record of the previous settings.

Mike
Click to expand...
Thanks for the fast response Mike! But sorry, i don't understand what do you mean by this one?:
Code:
Dovecot:

SSL Cipher List:  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSL Protocols:  !SSLv2 !SSLv3

mtindor · Jul 3, 2018

Dovecot is the IMAP/POP3 server, and you need to make sure that it's SSL/TLS settings work with Outlook as well.

WHM --> Service Configuration --> Mailserver Configuration

In there you'll see the SSL Cipher List and SSL Protocols sections if you are running Dovecot.

If you are just making changes to Exim, that only handles any issues you may have been having _sending_ mail with Outlook. If you have issues _receiving_ mail with Outlook, that's all Dovecot.

Mike

IRZQ88 · Jul 3, 2018

mtindor said: ↑

Dovecot is the IMAP/POP3 server, and you need to make sure that it's SSL/TLS settings work with Outlook as well.

WHM --> Service Configuration --> Mailserver Configuration

In there you'll see the SSL Cipher List and SSL Protocols sections if you are running Dovecot.

If you are just making changes to Exim, that only handles any issues you may have been having _sending_ mail with Outlook. If you have issues _receiving_ mail with Outlook, that's all Dovecot.

Mike
Click to expand...

I see.. Thanks Mike for this great explanation! I'll update the result here soon!

mtindor · Jul 3, 2018

You should also read the following thread [to make sure your Windows 7 is as up to date as it can be with regard to supporting various SSL/TLS options, etc. After all, the only ones with problems sending/receiving emails with the cPanel-preferred SSL/TLS settings for services are those running outdated operating systems, operating systems that haven't been updated, or email clients that haven't been updated. If you can fix the email client / client computer, you don't have to lower security on the server side.

Outlook 2016 Sending Email Fails After Cipher Suite Update

Mike

IRZQ88 · Jul 3, 2018

mtindor said: ↑

You should also read the following thread [to make sure your Windows 7 is as up to date as it can be with regard to supporting various SSL/TLS options, etc. After all, the only ones with problems sending/receiving emails with the cPanel-preferred SSL/TLS settings for services are those running outdated operating systems, operating systems that haven't been updated, or email clients that haven't been updated. If you can fix the email client / client computer, you don't have to lower security on the server side.

Outlook 2016 Sending Email Fails After Cipher Suite Update

Mike
Click to expand...

Okay, Once again thanks for your help!

cPanelLauren · Jul 3, 2018

Hello @IRZQ88

I also want to point out that rather than allow SSLv2 or SSLv3 you should first have your client add the Microsoft patch for TLSv1.2 https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Win 7 did not come with support for this originally and usually installing the patch they provide will allow the connection to be successful while still maintaining a secure environment.

Thanks!

IRZQ88 · Jul 3, 2018

mtindor said: ↑
Just to get you going -- I would expect you to make a determination whether or not to use these settings long term.

Dovecot:
Code:
SSL Cipher List:  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSL Protocols:  !SSLv2 !SSLv3
Exim [Home --> Service Configuration --> Exim Configuration Manager --> Security]
Code:
Options for OpenSSL:

+no_sslv2 +no_sslv3

SSL/TLS Cipher Suite List:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
/scripts/restartsrv_dovecot
/scripts/restartsrv_exim

NOTE: Make sure you make note of your current configuration. If the above info doesn't work for you, revert back. If you use this information and then suddenly something doesn't start back up, I can't help you. It's easy to revert back if you have kept a record of the previous settings.

Mike
Click to expand...
Thanks a lot Mike! This actually works!!! I don't believe this!!! :D

cPanelLauren said: ↑

Hello @IRZQ88

I also want to point out that rather than allow SSLv2 or SSLv3 you should first have your client add the Microsoft patch for TLSv1.2 https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Win 7 did not come with support for this originally and usually installing the patch they provide will allow the connection to be successful while still maintaining a secure environment.

Thanks!
Click to expand...

I see, Okay I'll check it up asap! Thank you Lauren!

cPanelLauren · Jul 4, 2018

Great! Please let us know how it works out and if you have any further issues.

Thanks!

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Outlook server doesn't support the encryption method specified error

IRZQ88 Active Member

Attached Files:

Error1_Outlook.JPG

Error2_Outlook.JPG

mtindor Well-Known Member

IRZQ88 Active Member

mtindor Well-Known Member

IRZQ88 Active Member

mtindor Well-Known Member

IRZQ88 Active Member

cPanelLauren Forums Analyst
Staff Member

IRZQ88 Active Member

cPanelLauren Forums Analyst
Staff Member

Desde Outlook me auto envío correo (a mi mismo corroe) y no llegan

Outlook/Hotmail won't receive on default email

Mailing list Moderates Outlook Email

Thunderbird and Outlook dont send email

Office Outlook 2013

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Outlook server doesn't support the encryption method specified error

IRZQ88 Active Member

Attached Files:

Error1_Outlook.JPG

Error2_Outlook.JPG

mtindor Well-Known Member

IRZQ88 Active Member

mtindor Well-Known Member

IRZQ88 Active Member

mtindor Well-Known Member

IRZQ88 Active Member

cPanelLauren Forums Analyst Staff Member

IRZQ88 Active Member

cPanelLauren Forums Analyst Staff Member

Desde Outlook me auto envío correo (a mi mismo corroe) y no llegan

Outlook/Hotmail won't receive on default email

Mailing list Moderates Outlook Email

Thunderbird and Outlook dont send email

Office Outlook 2013

Share This Page

cPanelLauren Forums Analyst
Staff Member

cPanelLauren Forums Analyst
Staff Member